Internal control and risk management
Basic plan and annual plans for internal control
Based on the basic plan for internal control systems, every fiscal year, Medley draws up an annual plan for the Medley corporate group, including Medley and its subsidiaries, in order to ensure the efficiency and effectiveness of the execution of the duties of the corporate group and to enhance management of the risk of loss. We thereby endeavor to expand our internal control system.
The annual internal control plan systematically strengthens internal controls by addressing a wide range of matters each fiscal year, including expansion of our compliance system, strengthening risk management, and expanding our internal control system.
As an important organization supporting our internal control system, we have established the Internal Audit Office, which reports directly to the President and Chief Executive Officer. We have assigned staff members to this office to provide consultation regarding issues including, but not limited to, the appropriateness of business execution and J-SOX evaluation.
In order to strengthen its internal controls for financial reporting, Medley continuously works to make improvements in line with the "Implementation Standards for Evaluation and Audit of Internal Control over Financial Reporting". Regarding IT control of information systems, we are working to improve and expand our management systems in terms of both general control and business process control.
Auditing work covers all operations, including those of group companies, and evaluates the appropriateness of management of company operations and the appropriateness and risks of service operations from the standpoint of an internal third party in order to control factors that could interfere with the achievement of management strategy goals. In addition, based on the company’s views regarding our approach to risk, including continuous monitoring, and with consideration given to changes such as expansion of the overall scale of the Group's business operations and rising social expectations, we prioritize important business fields and auditing themes and conduct internal auditing work including monitoring of the Group’s internal audit system, business and system auditing, and confirmation and monitoring of basic internal controls.
Risk management system
Based on our risk management regulations, Medley has established a Risk Management Committee composed of full-time members and has also established a Legal Compliance Department to serve as the secretariat of the Risk Management Committee and carry out its functions. The Risk Management Committee assesses risks, considers responses to risk, and carries out and monitors these responses. In addition, we have established an internal reporting system based on internal reporting regulations in order to establish compliance regulations, ensure compliance with laws and social norms by executives and employees, instill a strong compliance mentality, and quickly discover internal misconduct.
The Corporate Division is the main department in charge of risk assessment and, through information sharing and regular consultation among departments throughout the organization, it works to ensure the early detection and prevention of emergence of risks. In case of unforeseen events or circumstances, a response team is established in accordance with risk management regulations and an appropriate and timely response to the situation, including appropriate issuance of information to persons inside and outside the company, is implemented.
Risk management actions may include efforts such as mapping out of company-wide risks (risk mapping), timely reporting of incidents when they occur, analysis and support for preventative measures, and conducting of risk training for managers. Decisions regarding appropriate actions are made by the Risk Management Committee and details regarding such decisions are regularly reported to the Board of Directors.
Prevention of corruption
Medley strives for thorough compliance with laws and regulations by, in accordance with compliance regulations, always conducting fair, transparent, and free competition and providing all employees with basic corporate ethics and compliance training and training on insider trading prevention. In addition, we maintain proper corporate governance and conduct efficient business activities in order to fulfill our corporate social responsibilities and earn the trust and understanding of all stakeholders. We prohibit the acceptance from and provision to our business partners of gifts, food, and beverages in excess of appropriate ranges. Provision of the following to public officials (including parties regarded as public officials) for the purpose of receiving favorable treatment for the Company’s businesses is also prohibited: non-monetary bribes such as parting gifts, incense, gifts such as congratulatory gifts, year-end gifts, and mid-year gifts, and entertainment such as golf and banquets.